This month in security: June 2020
Australian government and businesses hit by malicious cyber events, pointing to a coordinated cyber threat
Security experts and the Prime Minister believe the scale and nature of the attacks could indicate the involvement of foreign state-based actors.
Cyber attacks are fairly routine for Australian governments and businesses. Defence Minister Linda Reynolds noted: “no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact”. It’s hard to say if a state-based actor is behind them, but the fact is, cyber threats are growing in scale. At the bare minimum, organisations need to stay up to date when it comes to patching any connected devices, which includes web and email servers. Next, multi-factor authentication should be standard. Most importantly, train and educate your people. That’s probably the single most important thing you can do to secure your organisation.
Universities turn to invasive surveillance tech to combat cheating
Experts raise privacy concerns as universities mandate invasive student monitoring software to stamp out cheating in exams.
Some universities are taking a heavy-handed approach to monitoring their students during exams, requiring students to install invasive software that takes over their device. Some of those apps not only capture video, but also monitor students’ movements to make sure they don’t check notes off-screen. They also tap into audio to make sure no one is whispering answers off-camera. Many experts have raised concerns about what data and information the software will save. Universities insist they are in full compliance with data privacy laws, but the line is a tricky one to navigate. Data privacy is a highly sensitive issue, and unis just may be close to crossing the line here.
Online shoppers, daters and gamers prime targets for scammers, warns ACCC
According to a report by the ACCC, scams cost Australians more than $634 million last year.
Scamwatch and the big four banks reported more than 353,000 scams in 2019 alone. Business email compromise scams accounted for the highest losses that year, costing the Australian business community and individuals $132 million. This was followed by investment scams at $126 million, and dating and romance scams at $83 million. Reports show that over the last decade, Australians have lost $2.5 billion to scams and cyber fraud. Since the pandemic began, Scamwatch has reported over 3,060 coronavirus-themed scams, costing Australians $1,371,000 in reported losses. And seeing how digitally dependent every facet of our society has become, it looks like this number will only get bigger with time.
Beverages giant Lion hit by cyberattack as hackers target Australian businesses
The Australian beverages giant experienced a major cyberattack that disrupted its manufacturing operations and internal IT systems.
The company said it lost remote access due to the attack, and its beer business had to put a pause on manufacturing as a result. It has had to limit the output of its perishables as well. We’ve talked before about how disruptive a cyber incident can be, as Toll Group and BlueScope Steel recently found out. The danger is here, it’s real, and it’s costing industries real money. The question is, how much longer can Australian companies afford to delay their cybersecurity plans?
Fisher and Paykel blindsided by cyberattack
Appliance manufacturer Fisher and Paykel just became the latest target of a ransomware cyberattack.
New Zealand-based company Fisher and Paykel was hit by a malware program called Nefilim, and the hackers behind it have already started to publish their corporate files on the dark web. The compromised data includes financial data like balance sheets, reviews, and budgets dating back to 2013. We always knew that manufacturers and supply chains had ramshackle cybersecurity measures in place. It looks like hackers have realised the same.
CBA uncovers abusive messages hidden in digital transactions
The bank identified more than 8000 customers who had sent multiple transactions of small amounts of money, often less than $1, with abusive messages included in the transaction description.
You can’t fault cybercriminals on their inventiveness. Who knew that digital transaction receipts from a bank could be used as a messaging service? That being said, this was a terribly inappropriate and deeply disturbing use of a bank’s customer services and raises a lot of privacy concerns. CBA has now updated its policies so it can suspend transactions or discontinue the accounts of customers engaging in such behaviour.